Troubleshooting
Problem
The customer was receiving an abundance of Invalid Session Authentication Failed (SIM User Authentication) failures.
Symptom
A lot of Invalid Session Authentication Failed events from SIM Audit-2 would be seen in Log Activity
Cause
These messages are related to browser trying to access an expired session token.
Diagnosing The Problem
Look in the /var/log/audit/audit.log file to see if you can determine which IP it's coming from.
Resolving The Problem
Restart tomcat by running the following command on the console command prompt:
service tomcat restart
Alternatively from the QRadar web user interface, Click Admin Tab > Advanced > Restart Web Server
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21700460